IDA: What's new in 7.0

Highlights

Welcome to IDA 7.0!

The biggest news is that IDA is a native 64-bit application! First of all it means that
now it can eat all memory of your computer and thrash it :) But jokes aside,
switching to 64-bit aligns IDA with other modern software and makes it more
compatible with the rest of the world. For example, IDAPython integration will
be easier and more streamlined because many operating systems nowadays come with the
64-bit Python preinstalled (32-bit Python won't work anymore).

Second, we took this change as an opportunity (since old 32-bit plugins won't work
with 64-bit IDA anyway) to clean up the IDA API, make
it more consistent and less confusing. Whether we failed or succeeded remains to be seen,
but we ourselves like the new API much more. The fundamental concepts remain
the same and IDA did not lose any bit of its functionality during the cleanup.
We minutely tested all changes and ensured that all our tests continue to pass
as before or better. We also tried to bring our 3 APIs (C++, Python, and IDC)
closer to each other. Function names and their functionality are the same
in most cases, but we tried to stay pythonic in Python and C++-ish in the C++ interface.
Since the changes are huge and it is easy to lose your way, we prepared a
Porting guide from the IDA 4.9-6.x API to the IDA 7.0 API
which explains what has changed and how. We hope that it will greatly help you
when porting your plugins to the new 7.0 API.

For Python and IDC we implemented a compatibility layer that will help you
with your scripts. Most of them should run fine on 7.0 with very minor or no changes.
We plan to turn off the compatibility layer in the next release, so please dedicate
some of your time to port your scripts to run without it.
See the IDA 7.0: IDAPython
backward-compatibility with 6.95 APIs page for more info.

To make the transition even smoother, we are also publishing a 32-bit version of IDA.
It can (and should) only be used to run old 32-bit plugins while you are porting
them to 64-bit. The 32-bit version of IDA can read v7 databases but it lacks some
very nice new features. Let us introduce them now.

Now IDA is a truly international application that can speak all languages of the
world because it uses UTF-8 everywhere. All scripts and plugins can use it. You
can use UTF-8 in the disassembly listing, including comments or even the
function names. This is not what we advise, therefore odd characters in names
require some fine tuning. See the IDA 7.0: Automatic
discovery of string literals during auto-analysis page for all the gory details.

By the way, the existing databases will have to be upgraded to benefit from the
UTF-8 encoding. We tried to make the upgrade process as simple as before but
there is a catch: since old databases could use any encoding, IDA has to guess
the old encoding on the fly. To learn how to help IDA with this error-prone task,
see the IDA 7.0: Internationalization page.
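
Why the guess is error-prone, as an added Python illustration (not IDA code and not IDA's detection logic): the same legacy bytes decode without error under several code pages, so the bytes alone cannot identify the original encoding. The candidate list and the sample comment are constructed for the example.

```python
# Added illustration, not IDA code: an old database string is just bytes,
# and several legacy code pages accept the same bytes as valid text.

CANDIDATES = ("cp1252", "cp1251", "cp866")   # assumed candidate code pages

# Constructed sample: a Russian comment as a cp1251-era database stored it.
ORIGINAL_TEXT = "Проверка ключа"
SAMPLE = ORIGINAL_TEXT.encode("cp1251")


def is_utf8(raw: bytes) -> bool:
    """True if raw is already well-formed UTF-8 (nothing to convert)."""
    try:
        raw.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def plausible_decodings(raw: bytes, candidates=CANDIDATES) -> dict:
    """Return {encoding: text} for every candidate that decodes raw cleanly."""
    result = {}
    for enc in candidates:
        try:
            result[enc] = raw.decode(enc)
        except UnicodeDecodeError:
            continue          # this code page has no mapping for some byte
    return result


def upgrade(raw: bytes, legacy_encoding: str) -> bytes:
    """Convert one legacy string to UTF-8 using the chosen source encoding."""
    if raw.isascii():
        return raw            # pure ASCII is identical in all these encodings
    return raw.decode(legacy_encoding).encode("utf-8")


if __name__ == "__main__":
    print("already UTF-8:", is_utf8(SAMPLE))
    for enc, text in plausible_decodings(SAMPLE).items():
        marker = "correct" if text == ORIGINAL_TEXT else "mojibake"
        print(f"{enc:7} -> {text!r} ({marker})")
    # A wrong choice still produces valid UTF-8, so nothing flags the damage.
    print(upgrade(SAMPLE, "cp1252").decode("utf-8"))
```

Every candidate decodes the sample without error, yet only one yields the original comment; the wrong choices produce well-formed UTF-8 that reads as garbage.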

IDA now parses and annotates exception handling information and RTTI. We plan to
improve the decompiler and IDA to take advantage of this information in the future.

We greatly improved Objective C support both in IDA and the Decompiler. Now the
metadata can be parsed on demand, not only at load time. The decompiler
produces much nicer output.

We improved the OSX and iOS debuggers to handle OSX 10.13 and iOS 11. There are
many changes under the hood but your experience should be the same as before or even better.

Complete changelist

Processor Modules

ARM: added one more pattern of thumb->arm transition

ARM: arm64: use simplified aliases for UBFM/SBFM instructions when applicable

BUGFIX: DWARF: some register aliases could be lost because complex location descriptors were improperly handled

BUGFIX: ELF: IDA could fail to apply relative relocations for FreeBSD

BUGFIX: ELF: IDA could hang trying to load a ppc64 ELF file with unknown bits in the ELF flags

BUGFIX: ExportData action would silently overwrite the output file if it already existed

BUGFIX: Fixed DWARF->IDA register mappings for ARM64

BUGFIX: For processor modules that aren't capable of reporting the minEA/maxEA, IDA wouldn't show scrollbars to scroll through the disassembly

BUGFIX: GDB: the 64-bit ELF files created by IDA for snippet debugging were using incorrect layout of program header entries

BUGFIX: GDB: the ELF files created by IDA for snippet debugging were missing information about BSS segments

BUGFIX: GDB: the GDB plugin would not activate for big-endian ARM binaries

BUGFIX: IDA could crash at startup on OSX 10.8

BUGFIX: IDA could crash when editing code in the "Scripts snippets" dialog

BUGFIX: IDA could crash when parsing corrupted codeview data

BUGFIX: IDA could crash when saving types with attributes

BUGFIX: IDA could crash while in proximity view, when performing path-related operations

BUGFIX: IDA could die with a fatal error during sp analysis

BUGFIX: IDA could fail to display first lines of disassembly for IDBs created in pre-4.0 IDA versions

BUGFIX: IDA could fail to distinguish between ARM VCVT/VCVTR instructions

BUGFIX: IDA could fail to load some elf core files

BUGFIX: IDA could fail to set a breakpoint at an address inside dyld_shared_cache

BUGFIX: IDA could fail to step over ARM TBZ/TBNZ instructions

BUGFIX: IDA could fail with interr 1263 if 2 different definitions of the same enum group were encountered

BUGFIX: IDA could hang momentarily at startup when many iOS devices were connected, even if the iOS Debugger was not being used

BUGFIX: IDA could hang trying to load a corrupted elf file

BUGFIX: IDA could hang trying to load a corrupted pe file

BUGFIX: IDA could hang while loading corrupted macho files

BUGFIX: IDA could interr 20016 on corrupted dyld_shared_cache files

BUGFIX: IDA could interr when loading pdb info for mozilla's xul.dll

BUGFIX: IDA could sometimes crash at startup (or after a debugging session) when the IDA View-A is a graph

BUGFIX: IDA would display a not-so-useful error message when trying to attach to a process on iOS 10 if fetching process list failed; now user can enter a PID to attach

BUGFIX: IDA would fail to launch on OSX case-sensitive volumes because it couldn't find the cocoa plugin

BUGFIX: IDA would fail to step over ARM BR/BLR instructions

BUGFIX: IDA32 could try to load PE+ files and fail; now we explicitly advise to use ida64 for these files

BUGFIX: IDA64 could accept invalid files correctly rejected by ida32

BUGFIX: IDAPython: "atoa" was returning erroneous results for programs with a real segmentation

BUGFIX: IDAPython: 'delay_slot_insn' was not usable

BUGFIX: IDAPython: 6.95 introduced a regression in idc.GetMarkedPos()

BUGFIX: IDAPython: FindImmediate() was broken and could not be called

BUGFIX: IDAPython: IDA could crash at exit-time when no IDB was opened, and a timer fires right during the closing sequence

BUGFIX: IDAPython: IDA could crash if a simplecustviewer_t subclass closed itself by reacting to the "Escape" key

BUGFIX: IDAPython: back/front in qvector's were not usable

BUGFIX: IDAPython: don't rely on internal qcp.sh tool for building on OSX

BUGFIX: IDAPython: hexrays callbacks could not handle the 'hxe_create_hint' notification

BUGFIX: IDAPython: ida_idaapi.require() would set a binding to the imported module as attribute on the importing module's globals(), only if the imported module was not already present (and possibly require()d by another module).

BUGFIX: IDAPython: ida_ua.get_dtyp_by_size() would return a python 'str', incompatible with the 'dt_*' enumeration

BUGFIX: IDAPython: ida_ua.get_operand_immvals() wasn't functional

BUGFIX: IDAPython: idc.ExtLinA() & idc.ExtLinB() were broken

BUGFIX: IDAPython: idc.GetMarkedPos() & idc.GetMarkComment() couldn't be called with '-1' to prompt for the position

BUGFIX: IDAPython: idc.GetStringType() could return something other than None for locations that have offsets (but no strings.)

BUGFIX: IDAPython: netnode.get_name() was broken

BUGFIX: IDAPython: remove_tinfo_pointer() was unusable

BUGFIX: IDAPython: simplecustviewer_t::AddLine wouldn't apply the fg/bg colors unless they were provided as long

BUGFIX: IDAPython: simplecustviewer_t::RefreshCurrent() was not refreshing the view

BUGFIX: PPC: some instructions were incorrectly disassembled (r0 should be treated as zero instead of a register)

BUGFIX: PPC: the referencing address (from) in the call of add_dref should be a head

BUGFIX: Pressing Shift+Up/Down while at a listing boundary, wouldn't move the cursor's X position to the beginning or end of the line (for start & end of listings, respectively, allowing selection of text to comfortably reach the beginning or end of the view.)

BUGFIX: Pressing left or right while in Pseudocode view and auto-analysis was not finished, could eat the key and not move the cursor

BUGFIX: Proximity: collapsing children of nodes that are part of a 'path' could cause IDA to INTERR

BUGFIX: SDK: arm.hpp was attempting to include non-existent files

BUGFIX: TMS32028: fixed the plain binary file loading, the bytes in the word were swapped